
Configuration

This page summarizes what you need to run or configure InboxOps from an admin perspective. It does not expose secrets or internal-only details.

What you need (overview)

  • Browser — Modern browser for the web app.
  • Account — Sign up or be invited to a workspace.
  • API and web app — The product consists of an API server and a web application. For hosted InboxOps, these are provided; for self-hosted, you deploy both.
  • Mailboxes — Connect Microsoft 365 or Gmail via OAuth. Email is ingested through the providers’ APIs; no mailbox passwords are stored in InboxOps.

Environment variables (for admins / self-hosted)

Only variables that are safe to document for customer/admin use are listed here. Do not document secrets (e.g. JWT_SECRET) or internal URLs in public docs.

  • API
    • CORS_ORIGIN — Comma-separated list of allowed origins for CORS (e.g. https://app.inboxops.app). In production this must be set; the API will reject requests from origins not in this list. This is what allows the web app to call the API from the browser.
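
One way to parse and enforce an allow-list like CORS_ORIGIN, shown as an added example that is not InboxOps source code. The helper names and the second sample origin are assumptions; matching is exact, so a look-alike host that merely starts with an allowed origin is refused.

```javascript
// Added example, not InboxOps source. Helper names are hypothetical.
// Constructed sample value; the second origin is made up for illustration.
const SAMPLE_CORS_ORIGIN = "https://app.inboxops.app, https://APP2.example.test:443/,";

// Parse a CORS_ORIGIN value into a Set of canonical origins (scheme://host[:port]).
function parseAllowedOrigins(value) {
  const allowed = new Set();
  for (const raw of String(value || "").split(",")) {
    const entry = raw.trim();
    if (entry === "") continue; // tolerate a trailing comma
    if (entry.includes("*")) {
      throw new Error(`wildcards are not accepted in CORS_ORIGIN: ${entry}`);
    }
    let url;
    try {
      url = new URL(entry);
    } catch {
      throw new Error(`not a valid origin: ${entry}`);
    }
    if (url.protocol !== "https:" && url.protocol !== "http:") {
      throw new Error(`origin must use http or https: ${entry}`);
    }
    // An origin carries no credentials, path, query or fragment.
    if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
      throw new Error(`origin must be scheme://host[:port] only: ${entry}`);
    }
    allowed.add(url.origin); // lowercases the host and drops a default port
  }
  if (allowed.size === 0) {
    throw new Error("CORS_ORIGIN must list at least one origin");
  }
  return allowed;
}

// Return the CORS response headers for a request, or null when the Origin
// header is missing or not on the list. Exact match only: prefix or substring
// checks would accept look-alike hosts such as "<allowed origin>.example.test".
function corsHeaders(originHeader, allowed) {
  if (typeof originHeader !== "string" || !allowed.has(originHeader)) {
    return null;
  }
  return { "Access-Control-Allow-Origin": originHeader, "Vary": "Origin" };
}

const allowedOrigins = parseAllowedOrigins(SAMPLE_CORS_ORIGIN);
console.log(corsHeaders("https://app.inboxops.app", allowedOrigins));
console.log(corsHeaders("https://app.inboxops.app.example.test", allowedOrigins));
```

Running the startup parse before the server accepts traffic turns a malformed or empty CORS_ORIGIN into a deployment error instead of a silently permissive or silently broken API.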

Other configuration (database, queues, storage, provider credentials) is deployment-specific and internal; it is not publicly documented and is not covered in this customer-facing doc.

Required services

  • API — Handles auth, workspace-scoped resources, and webhooks. Must be reachable by the web app and by webhook callbacks from providers (Microsoft, Google).
  • Web app — Served over HTTPS. Users log in and use the Inbox, Settings, and Admin pages.
  • Mailbox providers — Microsoft 365 and Gmail are supported via OAuth and their respective webhook/push mechanisms. InboxOps does not store mailbox passwords.

For deployment on Cloudflare Pages (docs site only), see Deploying the docs in Release notes.